CATEGORIES
home News

PaneraBread.com Leaks Millions Of Customers' Personal Data Bread Crumbs On The Internet

by Paul LillyTuesday, April 03, 2018, 11:49 AM EDT
Panera Bread

Panera Bread knows how to make a delicious sandwich, that is something we can confidentially say (The Italian is this editor's go-to item on the menu). Unfortunately, it might not be as good with security. Security researcher Brian Krebs with KrebsOnSecurity says Panera Bread's website leaked millions of customer records containing a plethora of personal information, with the data made available in plain text. Yikes!

The security breach compromised customer records containing names, email addresses, physical addresses, birthdays, and the last four digits of credit card numbers. That is the kind of information that can make identify theft a little easier, though fortunately no social security numbers were compromised (it would have been silly for Panera Bread to collect such information in the first place).

Panera Bread
Source: KrebsOnSecurity

Panera Bread has more than 2,100 retail locations in the United States. The food chain allows customers to order items online at its website for pickup in one of its stores, or for delivery. That is all fine and dandy, but storing the information in plain text is a major no-no.

The breach was first spotted by Dylan Houlihan, a security researchers who notified Panera Bread about the customer data leak eight months ago. Mike Gustavison, Panera's director of information security, initially thought it was a scam and dismissed the tip. However, the information was validated a week later, prompting Panera Bread to work on a fix.

"Panera Bread uses sequential integers for account IDs, which means that if your goal is to gather as much information as you can instead about someone, you can simply increment through the accounts and collect as much as you’d like, up to and including the entire database," Dylan Houlihan told KrebsOnSecurity.

Even worse is that the records can be indexed and crawled by automated tools relatively easily. And even though Panera Bread was aware of the issue since August of last year, "the flaw never disappeared," Houlihan said, adding that "checked on it every month or so because I was pissed."

Panera Bread's website was briefly taken offline yesterday after being contacted by KrebsOnSecurity. It appears that its customer records are no longer reachable. Even so, if you've registered and made a purchase on Panera Bread's website, keep an eye on your credit card statements for any foul play.

Thumbnail and Top Image Source: Flickr via Mike Mozart
Tags:  security, panera bread
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment